Ucp Buyer Consent
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: ucp-buyer-consent Version: 1.0.0 The skill bundle provides documentation and instructions for an AI agent to implement the Universal Commerce Protocol (UCP) Buyer Consent extension. The SKILL.md file contains architectural overviews and directs the agent to fetch legitimate protocol specifications from ucp.dev. There are no indicators of malicious intent, data exfiltration, or harmful execution; the instructions specifically emphasize human-in-the-loop consent collection and regulatory compliance.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may incorporate information from current web pages or sample repositories when helping implement the extension.
The skill directs the agent to rely on live external documentation and GitHub examples. This is coherent with implementing a current protocol spec, but it means generated work may depend on mutable external content.
Fetch `https://ucp.dev/specification/buyer-consent/` ... Web-search `site:github.com Universal-Commerce-Protocol buyer consent`
Use the official UCP specification as the primary source, review any GitHub examples before adopting them, and do not run third-party sample code blindly.
A generated implementation may store users' consent choices and timestamps, which should be protected and retained only as needed.
The skill recommends persistent storage of consent records. This is purpose-aligned for privacy compliance, but consent records can be privacy-relevant user data.
Store consent records with timestamps for audit compliance (your application should track this; the protocol does not include a consent_timestamp field)
Ensure the implementation limits stored consent data, protects access, defines retention/deletion rules, and supports consent withdrawal where required.